Can't get virus off and unable to restart

[Wilt553]

I accidentally downloaded a virus. I'm trying to completely restart my computer, but every time I do it doesn't work. I used Malwarebytes and Adwcleaner several times to try and rid of it. It got rid of some of it, but I believe its still there. I'm unable to change my internet and I cant get into Windows Recovery Environment. I tried the Reset this PC button, but it does nothing, holding shift and restarting just acts like a normal restart. Please help.

[nasdaq]

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let see what these logs will report.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs  for my review.

Wait for further instructions

Edited February 22, 2019 by nasdaq

[Wilt553]

Thanks for responding. Here's the logs.

Addition.txt

FRST.txt

[nasdaq]

Hi,

I have identified a bad SmartService infection.

You will need access to a spare PC and a USB flash drive that has not been in contact with the sick PC...
Let me know if you have access to these devices.

I need to know before suggested the fix if you can enable the Recovery Environment.
It will be needed to remove this infection.

Open FRST on the compromised computer:

copy/paste the following inside the text area of FRST. Once done, click on the Fix button. A file called fixlog.txt should appear on your desktop. Attach it in your next reply.

Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
End::

http://i121.photobucket.com/albums/o239/kevinf80/Farbar%20Tools/frst%20b.jpg&key=98f8e4fa906452a8ed54423fd0407a3d120fe6064437244ca29c06ed5f968755]

On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
Copy and paste its content in your next reply.

Wait for further instructions.
<<<>>>

[Wilt553]

No, I'm not able to get to Recovery Environment. When I hold shift and restart, it acts like a normal restart. I'm also unsure on how to create the fixlist. Could you please elaborate on that? I believe I have a spare PC and USB.

[nasdaq]

Hi,

You will not need to create a Fixlist.txt. The  next instructions will be to  run the Farbar program in the (RE) Recovery Environment.
Otherwise we will not be able to remove the infection.

Navigate to this topic and follow the instructions from Likhitha V
https://answers.microsoft.com/en-us/windows/forum/windows_10-update/cant-reset-windows-10-could-not-find-recovery/58cc7a57-ec3d-432b-b3a8-619b73805f1a

Read the comments as it may give you an insight of what to expect.

Let me know when you are ready with the RE.

[Wilt553]

Ok, I have read the topic. Am I supposed to start the recovery drive on a separate PC?

[nasdaq]

No. Use the compromised computer. The recovery must be done on that computer.

Edited March 10, 2019 by nasdaq

[Wilt553]

I’m sorry, but I thought I was supposed to get the Windows 10 files from my spare PC because if I used my infected PC, it would bring along the virus into my USB.

Please correct me if I’m wrong.

[nasdaq]

I see what you mean.

To protect your USB run download from your good computer and run this file.
This will protect the USB

Then transfer the ISO 

Download and Run FlashDisinfector

You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

• Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
• Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
• The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
• Wait until it has finished scanning and then exit the program.
• Reboot your computer when done.
  

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Refer to this page to run this ISO on the compromised computer.
https://www.microsoft.com/en-us/software-download/windows10

[Wilt553]

So am I supposed to download the Media Creation Tool on the uninfected PC and insert the USB then plug the USB back into my infected PC? Or am I supposed to not use my uninfected PC at all and just download the ISO on my infected PC?

I also found this video, is it okay to follow? 

 

[nasdaq]

If you have run the FlashDisinfector on your Flash drive it's protected.

Download the iso from the infected computer and follow the instruction from Likhitha V (Post no. 6)

You can try the Windows update as suggested in the last video.

Hope is works.

 

[nasdaq]

Are you till with me?

[Wilt553]

I’m so sorry, but I thought I had a flash drive. I have been trying to get one, but my parents are very busy. All I can do is just search things up beforehand. I’m very sorry for holding up your time. 

Hopefully this is my last question, but when I have windows downloaded on my drive, how do I boot my PC? I have a windows 10 HP. I heard that I’m supposed to do advanced restart, but it does not do anything.

[nasdaq]

Hi,

I suggest you view the video you posted in post no. 11.

Reinstalling Windows is not my forte. I'm at ease with malware cleaning.

If you have any technical questions I suggest your start a new topic in this Windows 10 Forum.
https://www.bleepingcomputer.com/forums/f/229/windows-10-support/

Let the experts answer your questions.

When you have the Recovery Environment installed you can return here and will continue with the removal of the infection.

[AdvancedSetup]

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks